Victims of AI-driven sex crimes in Korea continue to grow

South Korea is facing a sharp rise in AI-related digital sex crimes, with deepfake pornography and online abuse increasingly affecting young women and children.

According to figures released by the Ministry of Gender Equality and Family and the Women’s Human Rights Institute, over 10,000 people sought help last year, marking a 14.7 percent increase from 2023.

Women made up more than 70 percent of those who contacted the Advocacy Center for Online Sexual Abuse Victims.

The majority were in their teens or twenties, with abuse often occurring via social media, messaging apps, and anonymous platforms. A growing portion of victims, including children under 10, were targeted due to the easy accessibility of AI tools.

The most frequently reported issue was ‘distribution anxiety,’ where victims feared the release of sensitive or manipulated videos, followed by blackmail and illegal filming.

Deepfake cases more than tripled in one year, with synthetic content often involving the use of female students’ images. In one notable incident, a university student and his peers used deepfake techniques to create explicit fake images of classmates and shared them on Telegram.

With over 300,000 pieces of illicit content removed in 2024, authorities warn that the majority of illegal websites are hosted overseas, complicating efforts to take down harmful material.

The South Korean government plans to strengthen its response by expanding educational outreach, supporting victims further, and implementing new laws to prevent secondary harm by allowing the removal of personal information alongside explicit images.

For more information on these topics, visit diplomacy.edu.

DeepSeek highlights the risk of data misuse

The launch of DeepSeek, a Chinese-developed LLM, has reignited long-standing concerns about AI, national security, and industrial espionage.

While issues like data usage and bias remain central to AI discourse, DeepSeek’s origins in China have introduced deeper geopolitical anxieties. Echoing the scrutiny faced by TikTok, the model has raised fears of potential links to the Chinese state and its history of alleged cyber espionage.

With China and the US locked in a high-stakes AI race, every new model is now a strategic asset. DeepSeek’s emergence underscores the need for heightened vigilance around data protection, especially regarding sensitive business information and intellectual property.

Security experts warn that AI models may increasingly be trained using data acquired through dubious or illicit means, such as large-scale scraping or state-sponsored hacks.

The practice of data hoarding further complicates matters, as encrypted data hoarded today could be decrypted and exploited in the future as decryption methods evolve.

Cybersecurity leaders are being urged to adapt to this evolving threat landscape. Beyond basic data visibility and access controls, there is growing emphasis on adopting privacy-enhancing technologies and encryption standards that can withstand future quantum threats.

Businesses must also recognise the strategic value of their data in an era where the lines between innovation, competition, and geopolitics have become dangerously blurred.

Malware hidden in fake Office add-ins targets crypto users

Hackers are using bogus Microsoft Office extensions uploaded to SourceForge to spread malware. Cybersecurity firm Kaspersky has warned that the malware is designed to steal cryptocurrency.

One listing, posing as ‘officepackage,’ contains genuine Office add-ins. However, it also hides ClipBanker — a virus that swaps copied crypto wallet addresses with those belonging to attackers.

The malware tricks users by mimicking legitimate Office add-in pages, complete with download buttons and developer-style layouts. Once installed, ClipBanker monitors the clipboard and replaces wallet addresses without users’ knowledge.

It also gathers IP addresses, usernames, and system data, which it sends to the attackers via Telegram. In some cases, the virus checks for antivirus software or previous infections and self-deletes if detected.

Kaspersky noted that the malicious files are suspiciously small or padded with junk data to appear legitimate. While the primary goal is to steal cryptocurrency, attackers may sell access to infected systems to other malicious actors.

The malware’s interface is in Russian, and most victims so far — over 4,600 — have been located in Russia.

To stay safe, Kaspersky advises downloading software only from trusted sources. The company noted a growing trend of hackers hiding malware in pirated or unofficial software to exploit users chasing free apps.

Adaptive Security raises millions to fight AI scams

OpenAI has made its first move into the cybersecurity space by co-leading a US$43 million Series A funding round for New York-based startup Adaptive Security.

The round was also backed by venture capital firm Andreessen Horowitz, highlighting growing investor interest in solutions aimed at tackling AI-driven threats.

Adaptive Security specialises in simulating social engineering attacks powered by AI, such as fake phone calls, text messages, and emails. These simulations are designed to train employees and identify weak points within an organisation’s defences.

With over 100 customers already on board, the platform is proving to be a timely solution as generative AI continues to fuel increasingly convincing cyber scams.

The funding will be used to scale up the company’s engineering team and enhance its platform to meet growing demand.

As AI-powered threats evolve, Adaptive Security aims to stay ahead of the curve by helping organisations better prepare their staff to recognise and respond to sophisticated digital deception.

Hackers exploit ESET vulnerability to deploy malware, Kaspersky warns

A recently disclosed software vulnerability in ESET security products has been identified as a potential vector for discreet malware installation, according to findings published by the cybersecurity company Kaspersky.

Catalogued as CVE-2024-11859, the flaw permits the execution of a malicious dynamic-link library (DLL) by leveraging ESET’s own antivirus scanning process. If exploited, the technique allows unauthorised code to run silently, bypassing standard system warnings and activity logs.

ESET, headquartered in Slovakia, acknowledged the issue in an advisory and issued a software update addressing the flaw. The company assigned it a medium severity rating, with a Common Vulnerability Scoring System (CVSS) score of 6.8 out of 10. ESET further indicated there is no current evidence that the vulnerability has been actively exploited in operational environments.

Kaspersky attributed the technique to a threat actor group known as ToddyCat, which has been observed since 2020 conducting operations against governmental and defence-related targets. While Kaspersky referenced the use of two specific DLLs in its analysis, ESET reported that it had not received samples of the files and could not independently confirm the attribution.

The malicious tool deployed in this case, named TCDSB by researchers, was disguised as a legitimate Windows DLL and designed to evade monitoring tools. The code appears to be a modified variant of EDRSandBlast, a known framework used to circumvent endpoint detection systems.

Modifications introduced in TCDSB are believed to enable interference with operating system components, suppressing alerts typically generated when new processes are initiated or external files are loaded. Kaspersky reported multiple instances of the tool but did not identify affected organisations.

While no specific nation-state connection has been confirmed, ToddyCat has previously been associated with activities targeting institutions in Europe and Asia, as well as digital infrastructure in locations such as Taiwan and Vietnam. Some prior research has linked the group to broader cyber-espionage efforts attributed to Chinese interests.

According to ESET, successful use of the CVE-2024-11859 vulnerability requires existing administrative access to the target system, limiting the attack vector to post-compromise scenarios.

Kaspersky noted that the group employs a range of tunnelling techniques for data exfiltration, including abuse of virtual private networks and cloud services, often maintaining multiple exfiltration routes to ensure persistence even when individual channels are disrupted.

FBI and INTERPOL investigate Oracle Health data breach

Oracle Health has reportedly suffered a data breach that compromised sensitive patient information stored by American hospitals.

The cyberattack, discovered in February 2025, involved threat actors using stolen customer credentials to access an old Cerner server that had not yet been migrated to the Oracle Cloud. Oracle acquired healthcare tech company Cerner in 2022 for $28.3 billion.

In notifications sent to affected customers, Oracle acknowledged that data had been downloaded by unauthorised users. The FBI is said to be investigating the incident and exploring whether ransom demands are involved. Oracle has yet to publicly comment on the breach.

The news comes amid growing cybersecurity concerns. A recent report from Horizon3.ai revealed that over half of IT professionals delay critical software patches, leaving organisations vulnerable. Meanwhile, OpenAI has boosted its bug bounty rewards to encourage more proactive security research.

In a broader crackdown on cybercrime, INTERPOL recently arrested over 300 suspects in seven African countries for online scams, seizing devices, properties, and other assets linked to more than 5,000 victims.

Neptune RAT malware targeting Windows users

A highly advanced malware known as Neptune RAT is making waves in the cybersecurity world, posing a major threat to Windows PC users. Labelled by experts as the ‘most advanced RAT ever,’ it is capable of hijacking systems, stealing cryptocurrency, extracting passwords, and even launching ransomware attacks.

According to cybersecurity firm CYFIRMA, Neptune RAT is being distributed via platforms like GitHub, Telegram and YouTube, and is available as malware-as-a-service, allowing virtually anyone to deploy it for a fee.

Neptune RAT’s feature set is alarmingly broad. It includes a crypto clipper that silently redirects cryptocurrency transactions by replacing wallet addresses with those controlled by the attackers.

It also comes with a password-stealing tool that can extract credentials from over 270 applications, including popular browsers like Chrome. Beyond theft, the malware can spy on users in real-time, disable antivirus tools including Windows Defender, and encrypt files for ransom, making it a formidable threat.

Cybersecurity experts are urging users to avoid clicking on unknown links or downloading suspicious files from platforms where the malware is circulating. Neptune RAT even includes a data-wiping feature that, in extreme cases, allows attackers to destroy all data on a compromised system.

Users are advised to stay cautious online and consider identity theft protection plans that offer financial recovery and insurance should a system replacement become necessary.

Thailand strengthens cybersecurity with Google Cloud

Thailand’s National Cyber Security Agency (NCSA) has joined forces with Google Cloud to strengthen the country’s cyber resilience, using AI-based tools and shared threat intelligence instead of relying solely on traditional defences.

The collaboration aims to better protect public agencies and citizens against increasingly sophisticated cyber threats.

A key part of the initiative involves deploying Google Cloud Cybershield for centralised monitoring of security events across government bodies. Instead of having fragmented monitoring systems, this unified approach will help streamline incident detection and response.

The partnership also brings advanced training for cybersecurity personnel in the public sector, alongside regular threat intelligence sharing.

Google Cloud Web Risk will be integrated into government operations to automatically block websites hosting malware and phishing content, instead of relying on manual checks.

Google further noted the impact of its anti-scam technology in Google Play Protect, which has prevented over 6.6 million high-risk app installation attempts in Thailand since its 2024 launch, enhancing mobile safety for millions of users.

Earthquake disrupts Myanmar internet and surveillance ops

A powerful earthquake in Myanmar has significantly disrupted the junta’s cyber operations, severely damaging the National Cyber Security Center and a major e-Government data hub in Naypyitaw.

The Ministry of Transport and Communications confirmed that repairs are underway, though many internet services in quake-affected areas remain unstable.

According to the opposition National Unity Government (NUG), the damage could weaken the military regime’s ability to monitor and suppress dissent online.

The National Cyber Security Center, which played a central role in tracking online activity and orchestrating arrests via surveillance tools, was among the worst-hit sites. Thousands of communication stations were also damaged, with less than half restored so far.

The quake has also taken down several junta ministry websites and left staff in Naypyitaw facing harsh living conditions. With Myanmar recording the highest number of internet shutdowns globally in 2024, activists fear the regime will attempt to regain control, but the full extent of the digital disruption may be greater than reported.

National Crime Agency responds to AI crime warning

The National Crime Agency (NCA) has pledged to ‘closely examine’ recommendations from the Alan Turing Institute after a recent report highlighted the UK’s insufficient preparedness for AI-enabled crime.

The report, from the Centre for Emerging Technology and Security (CETaS), urges the NCA to create a task force to address AI crime within the next five years.

Despite AI-enabled crime being in its early stages, the report warns that criminals are rapidly advancing their use of AI, outpacing law enforcement’s ability to respond.

CETaS claims that UK police forces have been slow to adopt AI themselves, which could leave them vulnerable to increasingly sophisticated crimes, such as child sexual abuse, cybercrime, and fraud.

The Alan Turing Institute emphasises that although AI-specific legislation may be needed eventually, the immediate priority is for law enforcement to integrate AI into their crime-fighting efforts.

An initiative like this would involve using AI tools to combat AI-enabled crimes effectively, as fraudsters and criminals exploit AI’s potential to deceive.

While AI crime remains a relatively new phenomenon, recent examples such as the $25 million Deepfake CFO fraud show the growing threat.

The report also highlights the role of AI in phishing scams, romance fraud, and other deceptive practices, warning that future AI-driven crimes may become harder to detect as technology evolves.
